Russian Hackers Unleash Double Zero-Day Attack: RomCom Strikes Again!

A Russia-linked APT actor, RomCom, is at it again, chaining two zero-day vulnerabilities in Firefox and Windows. This digital duo exploits flaws like a magician pulling rabbits out of hats, deploying backdoors on victims’ machines faster than you can say “cybercrime.” Watch out, North America and Europe, RomCom’s got your number!

Hot Take:

Looks like RomCom’s got a sequel, and it’s not exactly a rom-com. This time, the bad guys are playing with zero-days like they’re free snacks at a tech conference. Microsoft and Mozilla, time to update your security patches faster than a teenager updates their social media status!

Key Points:

  • RomCom, a Russia-linked APT actor, is exploiting two zero-day vulnerabilities: CVE-2024-9680 (Firefox) and CVE-2024-49039 (Windows).
  • The exploits allow the actor to install a backdoor on victims’ machines without any user interaction.
  • The campaigns primarily target sectors in North America and Europe and are oriented toward both espionage and cybercrime.
  • Both vulnerabilities have been patched: Firefox on October 9, 2024, and Windows on November 12, 2024.
  • RomCom’s tactics include using a fake website to execute shellcode and redirecting victims to legitimate sites to avoid suspicion.
